Have also added these entries to syncrepl now, but without any success:

tls_cert=/etc/ssl/openldap/dannatu.ch.pem
tls_key=/etc/ssl/openldap/dannatu.ch.key
tls_cacert=/etc/ssl/certs/dannatuCA-cacert.pem

This would indicate you want to do client cert authentication with the syncrepl client, which as far as I know, you are not using (based on your earlier configuration). You need to remove the tls_cert and tls_key lines. I've tested with OpenLDAP 2.4.45 and TLS works as expected with replication.

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
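
The check described in the reply above, as an added example that is not part of the original message: a small parser for a syncrepl directive that reports tls_cert/tls_key when the consumer does not bind with a client certificate. It assumes client certificate authentication means bindmethod=sasl with saslmech=EXTERNAL; the provider host, binddn and credentials in the sample are constructed, and the function names are hypothetical.

```python
import shlex

# Parameters that make the syncrepl consumer present a client certificate.
CLIENT_CERT_KEYS = ("tls_cert", "tls_key")

# Constructed sample directive; only the three tls_* paths come from the thread.
SAMPLE = """
syncrepl rid=001
  provider=ldap://ldap1.example.com
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=secret
  starttls=critical
  tls_cert=/etc/ssl/openldap/dannatu.ch.pem
  tls_key=/etc/ssl/openldap/dannatu.ch.key
  tls_cacert=/etc/ssl/certs/dannatuCA-cacert.pem
"""

def parse_syncrepl(directive):
    """Split one syncrepl directive into a dict of key=value parameters."""
    params = {}
    for token in shlex.split(directive):   # handles key="quoted value"
        if "=" not in token:               # skips the 'syncrepl' keyword itself
            continue
        key, value = token.split("=", 1)
        params[key.lower()] = value
    return params

def binds_with_client_cert(params):
    """Assumption: certificate auth is bindmethod=sasl plus saslmech=EXTERNAL."""
    return (params.get("bindmethod", "").lower() == "sasl"
            and params.get("saslmech", "").upper() == "EXTERNAL")

def unused_client_cert_keys(params):
    """Return the tls_cert/tls_key parameters set without a certificate bind."""
    if binds_with_client_cert(params):
        return []
    return [key for key in CLIENT_CERT_KEYS if key in params]

if __name__ == "__main__":
    params = parse_syncrepl(SAMPLE)
    for key in unused_client_cert_keys(params):
        print(f"remove {key}={params[key]} (bindmethod={params.get('bindmethod')})")
    print("keep tls_cacert=" + params.get("tls_cacert", "<not set>"))
```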